Twitter launches anti-phishing offensive

In a blog post published yesterday on the Twitter site, director of trust and safety Del Harvey explained Twitter's strategy to protect users who are targeted by phishing scams sent using direct messages.

All links submitted to Twitter will be scanned using the new service, enabling Twitter to detect and intercept malicious links before they spread throughout the user base.

"Since these attacks occur primarily on direct messages and email notifications about direct messages, this is where we have focused our initial efforts," Harvey said. Although users would be largely unaware of the service in operation, they may notice links shortened to twt.tl in direct messages and email notifications.

At the end of last month, Twitter CEO Biz Stone acknowledged a rise in phishing attacks targeting the service and its users. Compromised accounts are used to send a link to every follower directing them to a fake Twitter web page that harvests their details. These accounts are then used to send out more messages, propagating the attack. Compromised accounts are also used to send spam, enabling the attackers to monetize their campaign.

Twitter already scans URLs that have been condensed using bit.ly, which is its official URL shortening service.
